Vulnerabilities > EMC

DATE CVE VULNERABILITY TITLE RISK
2018-07-13 CVE-2018-1245 Incorrect Authorization vulnerability in EMC RSA Identity Governance and Lifecycle 7.0.1/7.0.2/7.1.0
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM).
network
low complexity
emc CWE-863
critical
9.0
2018-07-11 CVE-2018-11049 Uncontrolled Search Path Element vulnerability in multiple products
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability.
local
rsa emc CWE-427
6.9
2018-07-03 CVE-2018-11051 Path Traversal vulnerability in EMC RSA Certificate Manager 6.9
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server.
network
low complexity
emc CWE-22
5.0
2018-06-21 CVE-2018-1254 Cross-site Scripting vulnerability in EMC RSA Authentication Manager 8.0/8.3
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability.
network
emc CWE-79
4.3
2018-06-21 CVE-2018-1253 Cross-site Scripting vulnerability in EMC RSA Authentication Manager
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability.
network
emc CWE-79
4.3
2018-05-29 CVE-2018-1242 OS Command Injection vulnerability in EMC Recoverpoint and Recoverpoint FOR Virtual Machines
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI.
network
low complexity
emc CWE-78
4.0
2018-05-29 CVE-2018-1241 Information Exposure Through Log Files vulnerability in EMC Recoverpoint and Recoverpoint for Virtual Machines
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file.
network
low complexity
emc CWE-532
4.0
2018-05-29 CVE-2018-1235 OS Command Injection vulnerability in EMC Recoverpoint and Recoverpoint for Virtual Machines
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability.
network
low complexity
emc CWE-78
critical
10.0
2018-04-18 CVE-2018-1240 Information Exposure vulnerability in EMC Vipr Controller 3.0.0.39
Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP.
low complexity
emc CWE-200
2.7
2018-03-16 CVE-2017-8013 Use of Hard-coded Credentials vulnerability in EMC Data Protection Advisor 6.3.0/6.4.0
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges.
network
low complexity
emc CWE-798
7.5